From 9441b56cdec1f05297082d12900ca4fe6853b0d1 Mon Sep 17 00:00:00 2001 From: Shane Alcock Date: Fri, 1 Mar 2019 13:33:23 +1300 Subject: [PATCH 1/3] Update version number in rpm spec file --- rpm/libwandio1.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/libwandio1.spec b/rpm/libwandio1.spec index 10c9298..48174fc 100644 --- a/rpm/libwandio1.spec +++ b/rpm/libwandio1.spec @@ -1,5 +1,5 @@ Name: libwandio1 -Version: 4.1.0 +Version: 4.1.1 Release: 1%{?dist} Summary: C Multi-Threaded File Compression and Decompression Library From 2fc4aa11b29462d2826048a034af0f60909d04a7 Mon Sep 17 00:00:00 2001 From: Alistair King Date: Tue, 5 Mar 2019 15:19:01 -0800 Subject: [PATCH 2/3] Fix off-by-one bug when calculating swift token length --- lib/swift-support/keystone.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/swift-support/keystone.c b/lib/swift-support/keystone.c index d33163a..261b3d5 100644 --- a/lib/swift-support/keystone.c +++ b/lib/swift-support/keystone.c @@ -85,15 +85,15 @@ static size_t auth_header_cb(char *buf, size_t size, size_t nmemb, void *data) { keystone_auth_token_t *token = (keystone_auth_token_t *)data; size_t buflen = size * nmemb; char *p; - int chomplen = 0; + size_t chomplen = 0; int token_len = 0; if (buflen > strlen(TOKEN_HDR) && strncmp(buf, TOKEN_HDR, strlen(TOKEN_HDR)) == 0) { // figure out how much trailing garbage there is (e.g., newline) // apparently it is possible that there will be none - p = buf + buflen; - while (*p == '\0' || *p == '\n' || *p == '\r') { + p = buf + buflen - 1; + while ((chomplen < buflen) && (*p == '\0' || *p == '\n' || *p == '\r')) { p--; chomplen++; } From f330a90669e527df00e53007b2099cd15dee454e Mon Sep 17 00:00:00 2001 From: Shane Alcock Date: Wed, 6 Mar 2019 13:08:36 +1300 Subject: [PATCH 3/3] Bump version number to 4.1.2, pending release --- ChangeLog | 4 ++++ README | 2 +- configure.ac | 4 ++-- debian/changelog | 6 ++++++ lib/Makefile.am | 2 +- rpm/libwandio1.spec | 2 +- 6 files changed, 15 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index c958777..aa8de4e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +Version 4.1.2 +============= + * Fix buffer overflow bug in the swift reading code (thanks Alistair). + Version 4.1.1 ============= * Fix bad version numbering of installed libwandder.so diff --git a/README b/README index 188a20c..b778cac 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -WANDIO 4.1.1 +WANDIO 4.1.2 --------------------------------------------------------------------------- Copyright (c) 2007-2019 The University of Waikato, Hamilton, New Zealand. diff --git a/configure.ac b/configure.ac index 231211b..ae9d764 100644 --- a/configure.ac +++ b/configure.ac @@ -3,11 +3,11 @@ # Now you only need to update the version number in two places - below, # and in the README -AC_INIT([wandio],[4.1.1],[contact@wand.net.nz],[wandio]) +AC_INIT([wandio],[4.1.2],[contact@wand.net.nz],[wandio]) WANDIO_MAJOR=4 WANDIO_MID=1 -WANDIO_MINOR=1 +WANDIO_MINOR=2 # OpenSolaris hides libraries like libncurses in /usr/gnu/lib, which is not # searched by default - add it to LDFLAGS so we at least have a chance of diff --git a/debian/changelog b/debian/changelog index b6d349d..3fba6fb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +libwandio1 (4.1.2-1) unstable; urgency=medium + + * Fix swift buffer overflow bug + + -- Shane Alcock Wed, 06 Mar 2019 13:07:02 +1300 + libwandio1 (4.1.1-1) unstable; urgency=medium * Fix bad version number for installed .so diff --git a/lib/Makefile.am b/lib/Makefile.am index 7b035ad..16bb1bc 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -73,5 +73,5 @@ libwandio_la_SOURCES=wandio.c ior-peek.c ior-stdio.c ior-thread.c \ AM_CPPFLAGS = @ADD_INCLS@ libwandio_la_LIBADD = @LIBWANDIO_LIBS@ -libwandio_la_LDFLAGS=-version-info 5:1:1 @ADD_LDFLAGS@ +libwandio_la_LDFLAGS=-version-info 5:2:1 @ADD_LDFLAGS@ diff --git a/rpm/libwandio1.spec b/rpm/libwandio1.spec index 48174fc..7089115 100644 --- a/rpm/libwandio1.spec +++ b/rpm/libwandio1.spec @@ -1,5 +1,5 @@ Name: libwandio1 -Version: 4.1.1 +Version: 4.1.2 Release: 1%{?dist} Summary: C Multi-Threaded File Compression and Decompression Library